﻿using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class resetPassword : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        //检查GET参数是否齐全
        if (Request.QueryString["userID"] == null || Request.QueryString["_t"] == null)
        {
            Response.Redirect("noGETParameter.html", true);
            return;
        }
        else
        {
            //检查通过，通过userID从数据库中读取username，然后比较
            string userID = Request.QueryString["userID"];

            //从数据库中读取username
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["connectionString"];
            using (SqlConnection dataBaseConnection = new SqlConnection(settings.ConnectionString))
            {
                dataBaseConnection.Open();

                string queryString = "SELECT username " +
                                     "FROM users " +
                                     "WHERE userID = @userID";
                SqlCommand command = new SqlCommand(queryString, dataBaseConnection);
                SqlParameter userIDParameter = new SqlParameter("@userID", userID);
                command.Parameters.Add(userIDParameter);
                SqlDataReader reader;
                try
                {
                    reader = command.ExecuteReader();
                }
                catch (Exception exception)
                {
                    main.InnerHtml = "数据库方面发生了错误，请联系我们以解决 AFTER GET username " + exception.Message;
                    return;
                }

                //验证加密的用户名是否正确
                reader.Read();
                string username = reader["username"].ToString();
                if (Request.QueryString["_t"] != BitConverter.ToString(SHA1.Create().ComputeHash(Encoding.Unicode.GetBytes(username))).Replace("-", ""))
                {
                    main.InnerHtml = "您现在还无法重置密码，因为链接中的加密指令不正确";
                    return;
                }
            }
        }
    }
    protected void submit_Click(object sender, EventArgs e)
    {
        //检查是否填写完整
        if (newPassword.Text.Trim() == string.Empty || newPassword_confirm.Text.Trim() == string.Empty)
        {
            main.InnerHtml = "请将信息填写完整";
            return;
        }
        else
        {
            string newpassword = newPassword.Text.Trim();
            string newpassword_confirm = newPassword_confirm.Text.Trim();

            //比较两个密码是否相等
            if (newpassword != newpassword_confirm)
            {
                main.InnerHtml = "您输入的两个密码不一致，请重新输入";
                return;
            }
            else
            {
                //通过所有检查，插入数据库
                ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["connectionString"];
                using (SqlConnection dataBaseConnection = new SqlConnection(settings.ConnectionString))
                {
                    dataBaseConnection.Open();

                    string queryString = "UPDATE users " +
                                         "SET password = @password " +
                                         "WHERE userID = @userID";
                    SqlCommand command = new SqlCommand(queryString, dataBaseConnection);
                    SqlParameter userIDParameter = new SqlParameter("@userID", Request.QueryString["userID"]);
                    SqlParameter passwordParameter = new SqlParameter("@password", SHA1.Create().ComputeHash(Encoding.Unicode.GetBytes(newpassword)));
                    command.Parameters.AddRange(new SqlParameter[]
                    {
                        userIDParameter,
                        passwordParameter
                    });
                    try
                    {
                        command.ExecuteNonQuery();
                    }
                    catch (Exception exception)
                    {
                        main.InnerHtml = "数据库方面发生了错误，请联系我们以解决 AFTER UPDATE users " + exception.Message;
                        return;
                    }

                    //重置密码成功，返回成功信息，包括指向登录界面的链接
                    main.InnerHtml = "<p>恭喜您密码重置成功！请牢记您的新密码，以免带来不必要的麻烦<br>去<a href=\"login.aspx\">登录</a></p>";
                }
            }
        }
    }
}